►
From YouTube: DASH High Availability Working Group Sep 27 2022
Description
Unplanned Switchover discussion
Requested updates to HA Proposal document
Thank you Sanjay for presenting!
Next week discussion on MetaData policies/expectations
A
Thanks
for
coming
to
high
value,
High
availability
meeting
today,
September
27th,
so
I
was
out
last
week
and
reshma
hosted
for
us
last
week.
So
thank
you
very
much
for
doing
that.
Reshma
I
have
the
the
notes
here
about
things
that
we
talked
about
last
week
and
looks
like
we
had
some
things
that
need
to
be
added
to
the
hlds
that
I'll
take
care
of
and
looks
like.
We
talked
about.
You
know
how
to
do
certain
things.
A
You
know
verify
Behavior
things
like
that,
and
so
we're
saying
that
the
document
review
is
completed,
the
the
one
from
AMD
and
so
I
hope
everyone
agrees
with
that.
Were
there
any
other
q
a
for
them
or
anything,
we
could
probably
bring
that
up
in
this
call,
and
then
it
looked
like
this
week.
We
wanted
to
talk
about
this
line
here
packet
flow
and
see
what
happens
when
there's
no
act
from
standby
and
then
overlay
ecmp
with
AJ
from
Gohan.
So.
C
A
A
A
A
C
So
I
think
here
this
is
a
this-
is
the
easier
flow,
so
I
think.
The
notion
here
is
I'll
just
quickly
go
over
and
then
go
on.
You
can
put
any
specific
questions
and
we
can
talk
about
so
this
is
I.
Think
glass
of
the
heartbeat
once
we
detect
loss
of
heartbeat,
we
update
that
we
have
lost
peer.
Connectivity
has
been
lost
right
on
the
old
standby
side
and
then
we
switch
over.
There
is
a
jump
to
becoming
the
Standalone
primary
right.
C
Once
I
move
to
Standalone
primary,
the
peer
is
gone,
so
there
is
no
sync
happening
anywhere
right.
We
continue
forwarding
with
whatever
state
we
have
the
flow
state
that
we
have
and
the
controller
has
the
option
of
coming
and
initiating
flow
reconcile.
I
think
the
idea
here
is
once
the
controller
knows
that
we
have.
The
configuration
is
at
the
same
level
where
it
needs
to
be.
Then
there
is
a
flow
reconcile
when
we
do
the
flow
reconciliation.
We
re-evaluate
the
flows
based
on
the
current
policy.
C
Whatever
is
the
policy
that
is
there
and
then,
if
there
is
any
changes
to
be
applied,
for
example,
deny
flow
might
be?
Might
have
become
a
permit
or
the
other
way
around
or
anything
any
other
changes
that
are
needed.
Those
changes
are
applied
and,
and
at
that
point
we
are
done
so
that's
the
high
level
flow
right
during
this
I
think
once
we
switch
to
primary
I
think
the
key
thing
is
there
is
no
more
syncing.
There
is
no
this
thing
because
there
is
no
PR
available
at
that
point.
B
C
That
is
there
because
we
might
apply
a
older,
config
and
disrupt
traffic
and
then
come
back
again
and
then
the
controller
catches
up
the
config
and
then,
with
this
thing,
so
I
think
there
was
a
request
from
Microsoft
to
leave
that
control
in
the
controllers.
This
thing
so
that
we
don't
disrupt
traffic
any
existing
traffic.
B
C
Could
be
so
we
might
have
two
primaries
in
the
network,
so
what
happens
is
if
there
is
a
partition
like
that
there
is
a
network
partition
like
that.
I
mean
it
may
not
be
a
network
version,
let's
say
I
think
you're
right
one,
for
example,
the
case
might
be
a
little
contrived,
but
let's
say
there
is
in
the
network,
someone
put
a
rule
or
some
some
ACL
or
something
like
that,
which
blocks
only
the
heartbeat
traffic
right.
C
Only
or
somehow
some
of
it
affects
the
heartbeat
traffic
right
and
the
heartbeat
traffic
is
not
being
you
know,
received
and
there's
no
communication
on
the
heartbeat
Channel
between
the
two.
If
that
is
the
case,
we
would
switch
over
and
I
think
here.
The
Bad
Case
would
be
where
there
is
partially
done
right
in
the
sense
the
heartbeat
is
broken,
but
the
rest
of
the
network
is
fine.
If
that
is
the
case,
that
is
still
fine.
C
What
happens
in
that
case
is
the
in
that
scenario,
because
currently
I
think
because
we
are
advertising
bgp,
for
example,
if
you're
using
bgp
if
the
control
net
we
are
doing
with
this
ASP
pen
right.
So
what
would
happen
is
the
rest
of
the
network
would
still
send
traffic
only
to
the
primary
right
and
not
to
the
secondary.
C
So
what
would
happen
essentially
is
the
secondary
would
think
it
is
in
Standalone
primary
but
receive
no
traffic,
but
the
active
things
that
it
is,
whoever
is
the
admin
active,
thinks
that
it
is
Standalone
primary
and
then
it
receives
traffic
and
continues
to
forward.
Let's
say
when
the
connectivity
gets
restored
for
the
yeah.
C
C
On
the
standby
side,
here
we
need
to
raise
the
event
which
the
controller
needs
to
monitor.
I
think
the
key
thing
is
how
when
does
the
controller
say
till
this
for
the
switchover
itself?
We
don't
need
the
controller
to
know
the
only
the
only
portion
where
the
controller
needs
to
get
involved
is
after
the
switch
over
if
you
have
to
do
flow
reconciliation
right.
That
is
when
no,
but.
D
C
That
is
just
the
flow
reconcile
so
and
if
so,
the
thing
is
so
the
standby
is
acting
like
we
were
talking
right.
So
all
the
flows
on
the
standby
are
following.
This
are
following
the
policies
on
the
active
side
right,
so
we
created
the
flow
on
the
active
before
switch
over
right.
So
there
was
a
flow.
There
was
a
that
hit
the
active,
we
looked
up,
the
policies
and
the
policies
might
be
either
allowed
deny,
or
it
could
be
some
metering
policies
or
something
else
right.
C
So
we
created
the
flow
according
to
the
policies
on
the
active
and
we
think
the
flow,
as
is
with
the
metadata
to
the
standby,
and
we
don't
want
to
reapply
the
policy
on
the
standby
because
then
we
would
be
out
of
this
thing,
so
we
take
the
same
metadata.
Whatever
is
the
policy
results
on
the
active
and
sync
the
flow
to
the
standby?
So
now,
when
a
switch
over
happens,
the
flow
is
is
according
to
whatever
policies
were
there
on
the
old
primary
right.
C
Whatever
was
the
whole
primary
now
we
continue
forwarding
the
flows.
Now
there
could
be
it's
potential,
potentially
it's
possible
that
the
configuration
state
of
the
policies
on
the
on
the
secondary
side
is,
is
a
little
behind
or
is
different
than
what
what
the
flows
are
indicating
right.
The
this
thing
because
it
followed
whatever
was
there
on
the
primary
now
we
want
to
bring
it
in
sync
between
the
policy
and
whatever
is
the
Flow
State,
so
that
is
triggered
by
the
flow
reconcile.
C
When
the
flow
reconcile
happens,
we
walk
all
the
flows,
re-evaluate
the
policy
right
and
bring
it
back
to
so
there
might
be
change
in
the
flow
itself.
We
may
need
to
do
some
reconciliation
right.
There
might
be
a
new
metering
class
that
is
applied
to
a
flow
in
the
act
in
the
old
primary.
It
was
different,
but
now
the
configuration
on
this,
the
on
the
new
on
the
secondary
or
the
new
upper
primary
say
something
different
right.
D
C
Yes
or
it
might
be,
but
maybe
between
switchover
or
let's
say
there-
is
a
policy
update
when
the
policy
update
happens.
The
controller
is
not
that
it's
not
Atomic
operation
right
to
sync,
the
policy
to
the
primary
and
the
secondary
at
exactly
the
same
time
right
so
there
might
be
the
primary
might
have
gotten
updated,
but
not
the
secondary,
yet
that
it
is
following
behind.
It
could
happen
that
way.
So
then,
we'll
be
I
mean
within
the
node.
It's
not
possible
to
know
whether
the
policy
is
up
to
date
or
not.
C
So
we
let
the
current.
We
leave
that
control
to
the
controller.
Let
us
know
that
okay
policy
is
now
up
to
date.
Right
now
you
can
go
and
if
you
know
reconcile
this
Flow
State
like
we
don't
want
to
be
caught
up
behind.
We
don't
want
to
be
applying
an
older
policy
and
then
disturbing
the
flow,
and
then
immediately
after
that,
we
get
the
newer
policy
and
then
reapply,
and
then
we
don't
want
to
do
that.
So
we
just
want
to
hold
off
on
reapplying
so
in
the
reconciliation
either.
C
B
C
This
would
be
dependent
on
for
us,
detecting,
heartbeat
loss
right
and
anything
that
we
need
to
the
data
plane
to
start
forwarding
again
start
forwarding
right
so
far
we
mean
the
standby
is
dropping
traffic
right.
We
are
not.
Even
if
you
receive
traffic,
we
will
not
use
the
flow
state
to
forward,
because
the
state
of
the
data
plane
is
in
standby.
C
Right
is
in
the
secondary
state,
so
we
have
to
do.
There
is
some
activity
that
we
need
to
do
to
start
forwarding
right.
That
is
one,
and
the
second
is
the
second
component.
That
is
one
component,
which
is
software,
work,
software
or
whatever
work
on
the
DPR
on
the
Node
itself.
There
is
also
this
thing,
which
is
a
another
component
for
drops,
which
is
the
Network
itself
right.
C
So
when
the
this
thing
switches,
if
you
need
to
let's
say
there-
is
an
actual
failure
on
the
primary
side,
for
example,
bgp
or
whatever
is
the
network
protocol
has
to
has
to
reconverge
and
forward
start
forwarding
all
the
traffic
to
the
prime
to
the
secondary
side.
So
this
two
seconds
is
our
goal:
Gohan
right!
This
is
what
we
want
to
I
think
all
our
testing,
whatever
I
mean
so
far.
What
we
have
done
is
to
make
sure
that
we
do
not
exceed
that
two
seconds
right.
B
Yeah
I
guess
that
part
is
the
goal,
but
to
what?
What?
What
are
the
components
that
you
know
in
this
system
to
you
know
to
to
help
us
to
reach
that
goal?
That's
my
question
right,
so
you
know
what
what
are
the?
What
are
the
components
that
you
mentioned
is
a
heartbeat
and
you
mentioned
the
network.
So
how
do
we
guarantee
the
you
know,
the
heartbeat
that
will
you
know,
meet
this
two
seconds.
So
what
is
our
heartbeat
rate?
Currently,
yes,.
E
B
But
what
is
the
critical
path
here
right
so
because
you
know
we
lost
the
habit
and
they,
when
do
we
start
advertising
and
the
you
know,
from
the
loss
of
the
heartbeat,
to
the
point
where
you
know
the
the
the
the
previous
standby
is
the
fully
functional.
So
what
what
are
the?
What
are
the
critical
parts
that
we
need
to
do
and
what?
What
is
the
time
you
know,
spending
on
each
of
the
part,
each
of
those
components
do
we
have
a
you
know
a
breakdown
of
those.
B
C
Be
yeah
so
I
think
from
our
testing
empirically
I
think
we
can
break
it
down
one.
We
don't
have
that
this
thing
yet
I
think
Balki
might
have
something
from
our
testing,
but
it's
not
there
in
this
document,
but
one
thing
the
Govern.
What
we
are
trying
to
do
is
one
optimization,
or
this
thing
that
we
take
here
is
on
the
standby
consciously.
What
we
have
done
is
we
have
tried
not
to
advertise
only
after
we
detect
switchover
because
then
what
happens
is
we
are
adding
to
that?
C
We
are
adding
one
more
component
right
that
the
route
has
to
start
propagating
up
right.
So,
instead
of
that,
what
this
is.
This
is
what
we
did
with
this
thing.
I
think
we
will
talk
about
it
with
the
ecmp
approach
to,
though
so
the
idea
here
is,
we
don't
try
to
create
one
more
leg,
which
is
that
route
propagation
itself
is
to
create.
You
know:
I'll
re-advertise
the
route
only
when
we
do
switch
over.
C
Instead
of
that,
even
before
switchover
we
are
advertising
the
route,
but
with
a
worse
metric
right.
So
all
that
needs
all
that
happens
is
so
when
we
lose
the
route
on
the
active
side
is
when
it
will
switch
over
to
this
backup
path.
So
that
way
we
kind
of
reduce
the
switch
over
time
right.
So
that
is
one
component,
which
is
the
network
component
other
than
this
I.
Think
like
this
thing
was
saying,
like
bulky
was
saying:
150
milliseconds.
This
is
the
actual
heartbeat
detection
time
itself
right.
C
B
C
B
All
right
thanks
so
so
I
I
saw
that
there
was
a
because
it
was
mentioned.
A
metering,
so
I
mean
I.
Just
asked
not
require
related
questioning
it.
I,
don't
know
if
it
has
been
discussed.
So
during
the
switch
over
did.
We
also,
you
know,
replicate
those
metering
and
data
from
the
primary
to
the
backup.
B
C
So
I
think
the
plan
was
I.
Think
the
controller
polls
right
the
to
get
the
collect
the
data
So
within
that
polling
interval
I
think
there
is
some
loss,
so
it
might
have
pulled
the
primary
at
Whatever
frequency
collected
the
collector
of
the
meter
data
and
then,
if
the
switch
over
happens
and
then
we
start
metering
on
the
new
primary
right
on
the
other
side.
So
whatever
is
the
loss
within
that
polling
interval?
That
loss
is
still
there,
but
the
meter
class
Etc
will
remain
constant.
C
C
I,
don't
know
metering,
not
here
but
yeah,
so
this
will
apply
to
a
lot
of
other
things.
Also
right,
one
metering
I
just
bought
it
up,
because
I
put
some
policy
thing
other
than
just
permit
deny,
but
anything
that
anything
that
stats
or
anything
that
we
are
collecting,
because
we
are
the
only
thing
only
thing
that
we
are
sinking
between
the
nodes
is
the
flow
State.
It's
not
really
all
the
metering
State.
We
are
not
syncing
everything,
because
that
would
require
a
lot
of
bandwidth
right
to
do
that.
B
C
Yeah
I
think
or
can
I
act,
maybe
in
somewhere
we'll
elaborate,
we'll
say
that
the
only
states
that
we
sink
I
think
it's
more
of
what
we
think
right.
Everything
else
is
not
synced
I'll.
Add
that
one
I
think
somewhere,
we
say
I
will
make
it
explicit,
I.
Think
somewhere
we
say
we
are
only
syncing.
The
Flow
State
I
can.
D
I
think
you
know
one
thing:
I
think
what
yeah
what
Gohan
is
probably
asking
is
that
what
is
an
expectation
from
the
controller
or
an
outside
entity?
How
often
they
should
pull
and
then
collect
that
statistic
so
that
when
the
switch
over
happens,
you
have
only
lost.
Perhaps
you
know
the
last
sink
that
you
probably
missed
right.
C
Yeah
I
agree,
the
only
thing
is
I
think
what
I
was
trying
to
communicate
was
so
that
would
be
left
to
the
controller
right
on
what
is
the?
What
is
how
much
is
it?
How
much
are
how
much
for
each
of
these
features?
How
much
are
we
ready
to
lose
right,
so
that
depends
on
that
will
dictate
how
often
we
want
to
this
thing,
which
might
be
specific
to
each
feature
or
what
the
controller,
whatever
is
the
expectation
SLA
with
the
top
right?
C
That's
why
that's
what
I
was
meant
to
say
that
in
this
document
we
cannot
recommend
what
to
how
often
to
collect
it
would
be
something
that
is
up
to
the
controller,
but
because
what
I
can
call
out
is
that
we
are
not
it's
not
syncing,
all
the
state
right,
all
the
in-memory
state,
from
actors
to
standby.
What
we
are
thinking
is
only
the
flow
information.
Whatever
is
mentioned
in
this
document.
D
I
think
probably
we
can
do
it
for
the
plan
switch
over
at
least
we
can
protect
the
statistics
for
unplanned.
Perhaps
you
can
lose
it,
but
for
the
plan,
if
you
flush
it
out
or
you
know,
send
it
out
to
the
whatever
the
entity
that
may
be
outside,
which
is
collecting
it,
and
at
least
you
can,
you
can
preserve
the
data.
B
I
mean
if
it's
I
I
think
it's
probably
not
not
that
critical
right,
so
you
know
either
plan
to
switch
over
or
you
know
just
to
make.
Maybe
you
know
the
expectation
you
know.
If
we
do
the
plan
switch
over
then
maybe
the
controller
with
the
the
world
Curry
on
the
primary
right
before
the
switch
over.
So
you
get
the
latest
data
and
once
you
switch
over
then
prove
the
other
side.
B
So
therefore
you
know,
even
though
maybe
the
controller
is
putting
at
the
minute
interval,
but
if
they
do
a
pulling
right
before
the
plan
to
switch
over,
then
they
will
get
at
least
some.
You
know
very
accurate
data
before
they
switch
over
right.
So
you
know
that,
then,
that
that
that
that
should
be,
you
know
addressed
a
little
bit
some
of
some
of
the
concerns
that
we
lose
some
of
the
meter
in
data
during
the
switchover,
because
the
switchover
is
pretty
pretty
fast
right.
So
on
the
order
of
seconds
right.
C
B
For
arm
plan,
I
guess
you
know
there
is
it's
a
little
bit
hard
to
know
when
when
that
happened,
because
that's
unplanned
right
so
therefore
you,
you
might
not
have
the
chance
to
to
query
that
before
the
switch
over
happened.
So
then,
therefore,
the
ex
you
know
we
would
set
up
some
expectations
say
you
know.
If
you
are
creating
a
minute,
then
you
might
be.
You
might
lose
a
minute
of
metering
daylight
during
the
switch
over
yeah
right,
depending
on
depending
on
what
is
your.
B
You
know
the
the
putting
interval,
so
you
know
we
might
and
let
I
I.
You
know
I
hope
that
we
can,
you
know,
call
out
those
you
know
specific
in
the
design
documents
so
that
the
expectation
is
clear.
You
know
on
the
controller
side
because
we're
not
planning
to
do
the
state
replication
for
things
other
than
the
you
know
the
flow
data
right,
so
you
know,
maybe
you
can
call.
So
apart
from
the
mirror
you
mentioned,
there
are
some
other
state.
B
What
what
are
those
other
states
I'm
trying
to
you
know
understand
a
little
bit
more
about
that
scenes
right.
So
so,
if
we,
if
we,
if
we
know
that
the
other
state
that
you
know
application
requires,
maybe
we
can
explicit
cause
those
things
and
those
specific
implications.
It
will
be
it'll,
be
it
would
be
better
right.
So
you
know,
apart
from
metering,
do
you
know
other
things
that
we're
not
replicating.
C
C
E
C
E
Okay,
yeah
stats
and
all
we
don't
obviously
think,
and
obviously
it
is
not
a
sing
for
every
packet
right.
So
we
cannot,
we
will
not
be
able
to
with
respect
to
State.
We
cannot
sync
each
and
every
sequence
number
act,
number
those
things
now
with
respect
to
policy
per
se,
I
think,
whatever
that
we
do
look
up
in
the
active
side,
we
try
to
take
that
result
to
the
standby
as
well.
Yeah.
C
So
I
think
that's
only
things
where
we
have
a
policy
which
has
it
which
carries
its
own
independent
in-memory
state
right.
So
those
are
the
things
I'm
trying
to
look
I,
think
think
of
metering
and
statistics.
I
can't
think
of
any
other
thing
I'll.
We
can
comb
and
try
to
comb
through
all
our
policies
that
we
have
for
serious
right
and
see.
What
is
there
so.
B
E
B
F
That
this
is
John
from
excite
I,
don't
think
it's
in
the
behavioral
model,
but
it's
it.
But
we've
we've
talked
about
this-
that
tracking
the
tracking
the
sequence
number
on
the
sin
like
you
can't
get
into
the
established
state
unless
the
acknowledgments
are
for
the
you
know,
for
the
Sands
and
also
for
closing
the
connection
tracking
the
sequence
number
of
the
fin
I
mean.
If
you
track
the
sequence
number
in
every
single
packet,
you
can
do
even
more
secure
type
things
like
Windows.
F
B
F
Yeah
right,
so
it's
it
seems,
like
the
connection
like,
like
won't
actively
be
removed
like
on
the
Final
Act,
but
that
that
the
flow
would
be
removed
based
on
Aging,
but
there's
a
small
window.
You
know,
there's
like
a
small
window
there
that,
if
the
if
the
switch
over
happened
between
the
fin
and
the
act
for
that
fin,
then
that
flow
might
need
to
be
aged
instead
of
like
actively
removed.
G
D
I
mean
there
are
a
bunch
of
scenarios
here
right
during
establishment
or
during
the
flow
in
in
flight
or
towards
the
end,
when
you're
trying
to
close
the
connection.
There
are
multiple
scenarios
where
you
can
have
this
orphaned
State
on
on
in
the
switch
over
right.
Are
we
relying
on
retransmits
here
or
are
we?
D
C
Yeah,
so
there
is
a
there
are
two
things:
let's
I
think
during
State
change.
There
is
this
thing
there
is
switch
over
during
State
change.
I
think
this
is
what
we're
talking
about
the
Aging
catching
map
right
I,
believe
that
the
flow
itself
when
it
is
an
active
flow,
I
think
during
the
duration
of
the
flow
when
we
switch
over.
That
is
fine.
We
relearn
the
sequence
number
and
then
continue
from
there
on
right,
so
there
there
is
no
right
cost
of
any
kind.
There
is
no
aging
nothing!
Nothing
of
that.
F
C
The
I
think
the
only
thing
is,
since
we
are
using
the
sequence
number,
what
John
was
mentioning
too
only
during
the
state
transitions
right,
either
when
the
state
clear
during
the
create
or
during
the
termination
of
the
state.
So
that
is
when
I
think
the
fallback
mechanism
is
aging
other
than
that
I
think
switch
over
does
not
affect.
We
learn
from
the
flow
and
start
tracking
it
from
on
the
standby
side.
D
B
G
And
since
we're
talking
about
aging,
can
we
I
don't
remember
this
document
also
covering
the
regular
case
when
everything
is
in
steady
state?
We
have
primary
and
secondary.
There
is
a
flow
sync
to
secondary
and
then
that
flow
lasts
for
a
long
time
and
it
should
have
been
aged
out
under
normal
circumstances,
but
there
is
traffic
going
through
primary,
so
primary
won't
age
it
out.
So
how
will
secondary
handle
this.
C
G
G
C
So
I
think
there
is
I
think
all
the
I
think
somewhere
we
had
mentioned,
we
did
rely
on
the
this
thing
re-transmission
from
the
this.
We
can
just
talk
through
quickly
if
you
want
I
think
when
we
complete
this
curve,
this,
whatever
we're
talking
now,
we
can
just
go
back
to
the
packet
flow
and
see
what
happens
in
each
leg.
If
there
is
a
drop
right,
it
gets
covered
by
the
re-transmission
from
the
client,
but
we
can
just
go
through
it.
If
you
want.
G
Okay,
and
also
when
there
is
restimulation
happening
right
in
the
primary
that
is
syncing.
Do
we
at
that
point,
use
the
data
path,
sync
to
sync,
the
entries
that
have
been
changed
because
it
can
happen
in
background
or,
however,
the
DPO
might
implement,
or
will
the
Sonic
grpc
Channel
get
opened
up
open
for
the
re-simulation
related
sync.
B
G
B
G
Two
separate
topics:
retransmission
is
something
that
Sanjay
will
like
you
know.
We
will
be
covering
with
the
example
of
the
packet
flow
in
each
state,
but
the
re-simulation
is
a
separate
topic.
Re-Simulation
is
when
the
policies
might
change
on
the
card
by
the
sdn,
and
you
know
to
handle
that
there
are
different
ways.
Each
GPU
might
be
handling
it,
and
in
that
case,
how
do
we
sync
that
information
of
the
state
change
to
the
a
partner.
B
G
C
Maybe
what
we
can
do
is
let
me
come
I
think
this
may
be
a
picture
that
we
can
use
right.
So
this
is
the
flow
establishment
flow.
Maybe
what
we
can
do
is
I'm
just
thinking
we
can
see
in
each
leg.
If
there
is
a
drop,
how
does
it
get
addressed
right?
That
makes
sense,
so
here
I
think
the
legs
are
we
have
VMA
sending
to
the
primary?
This
is
the
first
leg.
C
Then
there
is
leg
two
where
there
is
a
packet
that
is
synced
to
the
secondary
back
and
then
going.
There
are
four
legs
in
this.
So,
as
you
can
see
right,
if
any
in
any
leg,
if
there
is
a
drop,
let's
say
there
is
a
sin
packet,
so
we
can
think
about
TCP
and
then
UDP.
So
if
you
take
a
TCP
packet
in
any
of
these
four
places,
if
there
is
a
drop,
then
the
vmb
does
not
receive
the
sin
right.
C
So
VMA
would
retransmit
this
in
packet,
write
anything
during
the
connection
establishment
and
that
kind
of
retriggers.
That
kind
of
covers
the
flow
again
right
wherever
there
is
a
loss.
That
will
be
this
thing
so
before
3.
If
there
was,
for
example,
before
leg
number
three,
if
there
was
any
drop,
then
the
primary
DSA
would
keep
continuing
to
send
the
packet
to
the
secondary
DSE,
because
it
hasn't
said
that
it
is
synced
to
the
secondary.
C
Yet
right
so,
let's
say
in
number
two
or
number
three:
the
packet
got
dropped,
then
any
re-transmission
from
from
DM
VMA,
the
primary
DSA
would
primary
would
receive
it.
Send
it
to
the
secondary
would
keep
plan.
You
know
forwarding
it
to
the
secondary
to
if
in
the
state,
but
if
number
three
leg
finishes
right,
so
there
we
get
an
act
back
from
the
secondary
for
the
flow
sync.
We
know
that
the
flow
has
been
synced
to
the
secondary.
After
and
after
that,
let's
say
the
drops
are
happening
in
leg
number.
Four.
C
In
that
case
the
packet
would
come
to
the
primary.
The
primary
would
forward
directly
to
vmb,
because
we
know
that
it's
been
synced
to
the
secondary
already
right.
It
would
sync
to
vmb
and
it
can
kind
of
get
short
circuit
and
then
hoping
that
one
of
the
retransmission
makes
to
vmb.
Then
the
established
whatever
completes
right,
so
that
would
be
the
sequence
if
it
is
UDP
I.
Think,
since
there
is
no
sin
or
there's
not
this
thing
till
the
ACT
comes
back,
we
keep
sending
it
to
the
secondary.
B
C
C
C
B
A
before
you
reach
the
next
leg
number
three:
if
you
receive
a
re-transmission
from
the
VMA,
you
will
always
send
to
the
secondary
right.
So
after
reaching
the
the
leg
straight,
then
you
no
longer
need
to
send
the
packet
to
the
to
the
secondary
directly
sent
to
the
vmb
right.
So,
and
this
applies
to
the
both
TCP
and
UDP,
it's.
C
A
place
to
work
DCP
in
TCP
the
flow
in
good.
This
thing
the
flow.
This
thing
you
do
not
move
past
in
right,
the
sin
packet
in
TCP
in
UDP.
We
don't,
since
we
don't
have
that
sin,
it
only
changes
the
VM
can
transmit
for
the
consecutive
packets,
UDP,
packets
and
all
four
are
lost.
Right
could
happen
that
way
in
TCP,
at
least
because
we
have
the
Cincinnati.
It
gets
gated
by
the
sin.
C
B
C
The
till
three
happens
we
will
not.
We
will
always
forward
the
packet
what
we
receive
in
the
data
part
to
the
secondary
till
three
finishes,
if
both
true
for
both
TCP
and
UDP,
once
three
is
done,
it
is
short
circuited
once
like
three
is
complete.
It
is
short
circuited
on
the
primary
and
forwarded
to
the
destination.
D
But
isn't
it
you
know
it
isn't
too
aggressive
when
it
comes
to
UDP,
depending
upon
the
the
rate
at
which
you're
getting
the
traffic?
Why
do
you
have
to
send
the
entire
traffic?
All
of
it
till
you
receive
an
act,
because
there
is
no
I
mean
the
ACT
is
saying
that
okay
yeah,
you
have
received
a.
Could
you
not
short
circuit
it
earlier
and
by
counting
certain
number
of
packets,
as
opposed
to
basically
sending
all
the
traffic.
C
Yeah
and
if
the
problem
is
that
drop
could
be
in
two
or
three
right:
maybe
it
is
it,
it
is
getting
to
the
secondary
and
getting
dropped.
So
unless
we
forward,
so
there
are
two
things
that
control
this
right.
One
is
the
one.
This
thing
is
goal
is
that
we
don't
want
to
buffer
packets
on
the
primary
right,
because
we
won't
be
able
to
keep
up
with
buffering
right.
So
we
don't
want
to
keep
any
buffered
packets
on
the
primary
and
I
mean
send
it.
C
We
want
to
not
buffer
and
get
the
you
know,
get
the
packet
as
it
comes
and
forward
as
we
wanted.
We
don't
stop
buffering.
That
is.
That
is
one
goal.
The
second
is,
the
drop
could
be
in
either
two
or
three
two,
so
we
want
to
keep
keep
that
thing
alive
by
forwarding
the
whatever
packets
we
receive
from
the
client
to
the
secondary
yeah.
C
D
C
B
Okay,
so
sure
I
mean
so
for
them
I
I.
Just
look
at
the
you
know,
just
a
follow-up
question:
I.
You
know
the
package
between
the
you,
the
Deep
Shield.
There
is
a
Manhattan.
How
is
the
policy
results,
but
what
is
that
used
for?
So
we
just
you
know,
send
the
packet
to
the
innocent
encapsulated
and
send
the
original
packet
to
the
secondary.
B
C
Director
data
itself,
yeah
I,
think
the
metadata
itself
will
depend
on
each
implementation
go
and
that's
why
we
are
not
called
out
the.
What
is
there
in
the
metadata
we're
saying
what
this
thing
will
be.
The
policy
results
at
how
we
keep
the
policy
difference.
For
example,
the
policy
could
be
the
result
of
the
Ackle
or
what
metering
class
we
decided
to
attach.
C
I
think
well,
whatever
is
needed
by
each
of
the
DPO
data
path
to
forward
right,
I
mean
that
needs
to
be
sent
in
the
metadata
or
the
problem
will
be
once
it
receives
on
the
secondary
right.
But
if
you
did
not
put
in
there
is
policy
results
from
the
primary.
We
would
re-evaluate
the
policies
on
the
secondary
right.
G
C
C
C
So
if
the
primary
had
said-
let's
say
in
this
case
right
if
the
primary
primary
configuration
be
just
before
switch
over
the
primary
configuration
for
a
particular
rule
was
permit
right
and
on
the
secondary
that
the
configuration
was
slightly
lagging
behind
and
if
we
evaluated
the
same
flow
on
the
secondary,
it
would
be
denied.
Let's
say
right
the
for
example.
C
So
when
this
happens,
the
when
the
flow
got
created
on
the
primary,
the
metadata
that
gets
synced
back
to
the
secondary
says
that
it
is
permit
and
in
the
current
state
we
would
go
and
install
a
flow
which
says
permit
right.
There
is
unplanned
switch
over
the
primary
switches
over.
We
get
to
the
secondary,
becomes
the
primary
and
starts
forwarding
traffic.
When
you
start
forwarding
traffic,
when
traffic
hits
the
flow,
we
still
see
that
it
is
permit
and
we
we
forward
the
traffic
right.
We
don't
drop
it
right.
C
So
the
end
clients,
VMA
and
BMB,
see
no
difference
in
on
switch
over
right,
but
when
the
reconciliation
happens,
if
the
controller
did
a
Reconciliation
at
that
moment,
without
changing
any
policies,
if
it
continue,
if
it
went
and
initiated
the
reconciliation,
then
we
would
go
update
the
flow
to
say
it's
a
deny
now
right,
then
we
would
start
seeing
drops,
but
what
we
expect
is
the
controller
would
make
sure
that
we
would
know
that.
Okay,
the
secondary,
is
slightly
behind
on
the
policies
before
calling
reconciliation.
C
It
would
push
the
new
policies
right
so
that
it
comes
in
line
with
whatever
was
the
policy
on
the
primary
and
then
calls
the
reconcile
when
it
calls
the
reconcile.
We
see
that
it
is
a
no
op.
It
was
a
prime
permit
before
even
now,
it's
a
permit.
There
is
nothing
to
be
reconciled
right
when
there's
no
change
in
the
state.
So
this
way
there
is
no
disruption.
G
But
yeah
I
I
understand
what
you're
saying,
but
why
would
the
controller?
Is
this
really
a
requirement
for
controller
to
wait
for
the
switchover
to
update
the
policies?
I
thought
controller
tries
to
keep
policies
same
on
both
primary
and
secondary
at
all
times
there
might
be
a
delay,
but
it's
in
a
matter
of
like
seconds.
It's
not
something
that
lasts
for
long.
C
So
I
think
I'm
not
saying
they
wait
for
this
thing.
It
might
be
delayed
right
it
might
it
may
not
be
it's
not
Atomic
that
it
sinks
the
configuration
to
the
primary
and
the
second
is
the
same
time.
But
if
we
go
ahead
and
do
a
reconcile
or
we
apply,
I
mean
we
apply
the
secondary
policies
immediately.
Then
there
are
more
chances
that
we
will
actually
disrupt
traffic
because
the
conflict
of
the
policy
configuration
on
the
two
is
not
in
sync
right.
C
F
C
F
C
E
F
E
That
is
a
must,
but
the
mapping
actually
see
when
it
started.
There
was
no
obviously
recruitment
on
that
side,
and
also
the
scale
of
the
mapping
is
huge.
It's
humongous
and
it's
like
it's
it's
affecting
yeah,
so
yeah
that
that
is
some.
That
is
some
requirement
that
has
been
you
know,
raised
by
Microsoft.
B
Sure,
okay,
so
I,
I,
sorry,
I,
I,
I,
think
the
Christianity
in
a
time
check
so
I
think
this
may
be
a
little
bit
bigger
topic.
So,
okay,
so
how
about
the
you
know,
I
think
we
get
the
quite
a
few
feedbacks
on
the
document
right,
so
I
don't
know
who
who
I
can
summarize
it,
but
the
reason
someone
can
put
down
the
you
know.
Maybe
you
know
the
MD
can
take
action
item
to
update
the
documents
right.
B
So
I
think
that
there
are
a
few
things
that
we
found
out
that
the
the
document
doesn't
have
enough
details
right.
So
maybe
you
can
summarize
those-
and
you
know
for
the
for
the
met
for
the
metadata
policy
since
it
looks
like
we
need
more
discussion
on
that
right.
So
it's
not
clear
in
the
document
what
is
needed,
whether
it's
optional?
You
know
we
see
argument
on
that.
The.
A
B
D
B
A
B
Maybe
even
the
exactly
the
packet
format,
that
is,
you
know,
implementation
data
but
I
I'm,
thinking
like
at
least
from
the
requirement
side
right.
So
you
know
there's
same
some.
You
know
requirements
that
have
haven't
been
captured
in
this
document
like
what
you
know
because
I
think
Sanjay
mentioned.
You
know
someone
mentioned
there's
Microsoft
requirements,
say:
okay,
you
know
some
policy
need
to
be
carried
out,
but
it's
not
explicitly
called
out
in
the
document
right.
So
therefore,
you
know
there
is
some
confusings
on
on
that
front.
B
C
A
C
G
A
I'll
make
a
note
and
and
I
know,
restimulation
has
been,
you
know
on
the
top
of
our
minds.
We
need
to
figure
out
how
we
want
to
do
it.
Also
how
we
want
to
you
know:
how
does
it
get
triggered?
What
are
the
the?
What
are
the
triggers?
How
do
we
trigger
what
kind
of
API
so
yeah
I'll
mark
that
down
sure,
but
I'll
go
ahead
and
stop
the
recording
and
post
it
later
today,
I
appreciate
everyone's
time
and
Sanjay
I'll
get
with
you
on
my
notes.